flow-filter - Online in the Cloud


NAME


flow-filter — Filter flows.

SYNOPSIS


flow-filter [-hko] [-a src_as_filter] [-A dst_as_filter] [-b big|little] [-C comment]
[-D dstaddr_filter_name] [-d debug_level] [-e exaddr_filter] [-f acl_fname] [-i
input_filter] [-I output_filter] [-p srcport_filter] [-P dstport_filter] [-r
ipprot_filter] [-S srcaddr_filter_name] [-t tos_filter] [-T tcp_flags_filter] [-x
nexthop_filter_name] [-z z_level]

DESCRIPTION


The flow-filter utility will filter flows based on user selectable criteria. The IP
address filters are defined in flow.acl or by the filename specified by -f.

Other filters such as input interface and ports are defined on the command line. These
filters accept range and negation operators, ie -i1-15 for input interfaces 1 through 15
or -i1,15 for input interfaces 1 and 15, or !1,15 for all input interfaces except 1 and 15.

The syntax is kludgy and needs to be reworked, but it works for most applications.

OPTIONS


-a src_as_filter
Source AS filter, ie -a159 to permit Autonomous System 159.

-A dst_as_filter
Destination AS filter, ie -A159,3112 to permit Autonomous Systems 159 and 3112.

-b big|little
Byte order of output.

-C comment
Add a comment.

-d debug_level
Enable debugging.

-D dstaddr_filter_name
Destination IP address filter. This is the name or number of a standard access
list defined in flow.acl or the file specified by -f.

-e exaddr_filter
Exporter IP address filter. One exporter address can be filtered.

-f acl_fname
Access list filename. Defaults to flow.acl.

-h Display help.

-i input_filter
Input interface filter, ie -i0 to permit traffic from interface 0.

-k Keep time from input.

-I output_filter
Output interface filter, ie -I0 to permit traffic to interface 0.

-o Logical OR instead of AND filters.

-p srcport_filter
Source port filter, ie -p80 to only permit source port 80.

-P dstport_filter
Destination port filter, ie -P80,8080 to permit destination ports 80 and 8080.

-r ipprot_filter
IP Protocol filter, ie -r6 to only permit TCP traffic.

-S srcaddr_filter_name
Source IP address filter. This is the name or number of a standard access list
defined in flow.acl or the file specified by -f.

-t tos_filter
ToS bits filter. An optional mask is available which is applied to the tos
field before comparing to the filter list. For example to match a tos bit
pattern of 101xxxxx use 0xA0/0xE0.

-T tcp_flags_filter
TCP bits filter. An optional mask is available which is applied to the TCP
flags field before comparing to the filter list. For example to match flows
with the SYN bit set use 0x2/0x2.

-x nexthop_filter_name
NextHop IP address filter. This is the name or number of a standard access list
defined in flow.acl or the file specified by -f.

-z z_level
Configure compression level to z_level. 0 is disabled (no compression), 9 is
highest compression.

EXAMPLES


Print all traffic with a destination port of 80.

flow-cat /flows/krc4 | flow-filter -P80 | flow-print

Print all traffic with source IP 10.0.0.1. Populate flow.acl with
ip access-list standard badguy permit host 10.0.0.1

flow-cat /flows/krc4 | flow-filter -Sbadguy | flow-print

Report all destinations that IP 10.0.0.1 has sent traffic to. Sort by octets. Populate
flow.acl with
ip access-list standard badguy permit host 10.0.0.1

flow-cat /flows/krc4 | flow-filter -Sbadguy | flow-stat -f8 -S2
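
The range, negation and mask rules described under DESCRIPTION and the -t/-T options, modelled in Python as an added example (not flow-tools code; the function names and sample flows are constructed for illustration). It shows that 0x2/0x2 also matches SYN+ACK flows, while a wider mask such as 0x2/0x3f selects flows where SYN is the only flag seen.

```python
# Added illustration: models the filter-list semantics this page documents.
# Not flow-tools source code; all function names here are hypothetical.

def parse_filter(spec):
    """Parse '80', '1-15', '1,15', '!1,15' or '0xA0/0xE0' into (negate, values, mask)."""
    negate = spec.startswith("!")
    if negate:
        spec = spec[1:]
    mask = None
    if "/" in spec:                      # optional mask, documented for -t and -T
        spec, mask_text = spec.split("/", 1)
        mask = int(mask_text, 0)
    values = set()
    for item in spec.split(","):
        if "-" in item:                  # inclusive range, e.g. 1-15
            low, high = (int(x, 0) for x in item.split("-", 1))
            values.update(range(low, high + 1))
        else:
            values.add(int(item, 0))
    return negate, values, mask

def field_matches(spec, field):
    negate, values, mask = parse_filter(spec)
    if mask is not None:
        field &= mask                    # the mask is applied before the comparison
    return (field in values) != negate

def flow_permitted(flow, filters, logical_or=False):
    """AND the per-field results by default; logical_or models the -o switch."""
    results = [field_matches(spec, flow[name]) for name, spec in filters.items()]
    return any(results) if logical_or else all(results)

# Constructed sample flows (not real traffic). TCP flag bits: SYN=0x02, ACK=0x10.
FLOWS = [
    {"input": 3,  "dstport": 80,   "prot": 6,  "tcp_flags": 0x02},  # SYN only
    {"input": 15, "dstport": 8080, "prot": 6,  "tcp_flags": 0x12},  # SYN+ACK
    {"input": 20, "dstport": 53,   "prot": 17, "tcp_flags": 0x00},  # UDP
]

def select(filters, logical_or=False):
    """Return the indexes of the sample flows that the filters permit."""
    return [i for i, f in enumerate(FLOWS) if flow_permitted(f, filters, logical_or)]

if __name__ == "__main__":
    print(select({"tcp_flags": "0x2/0x2"}))                  # SYN bit set
    print(select({"tcp_flags": "0x2/0x3f"}))                 # SYN and no other flag
    print(select({"input": "!1,15", "dstport": "80,8080"}))  # AND of two filters
    print(select({"input": "1-15", "prot": "17"}, logical_or=True))
```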
